DHS CISO puts focus on network optimization, monetization

The Department of Homeland Security is undertaking several network optimization and monetization activities that will require the involvement of integrators to bring to completion.

At a recent summit (sponsored by immixGroup), Paul Beckman, DHS CISO, talked about the challenges related to network optimization and the steps the agency is taking to ensure both security and operational efficiency.

In particular, DHS is taking a close look at its Security Operations Center optimization, from maturity standards to contracting. The agency’s also looking for “network monetization” through the GSA’s Enterprise Infrastructure Solutions (EIS) contract, in the form of regaining lost workforce hours through automation.

As noted by Beckman, DHS has 16 “loosely federated security operation centers spread geographically throughout the entire country, with varying degrees of maturity.” Beckman’s challenge lies in how to bring them all up to the minimum baseline of security standards.

His first attempt, which focused on consolidation, “didn’t go over too well with my colleagues,” as neither cost effective nor beneficial, Beckman said. That’s when the effort shifted to optimization.

According to Beckman, the optimization process at DHS is broken into three components: Raising the levels of maturity standards in the 16 SOCs, identifying standardized tools and processes and streamlining contracting.

For the maturity component, Beckman and his team decided to “emulate” the DOD Cyber Security Service Provider model.

“We establish what those maturity standards need to be, and we audit you against those standards and see if you meet the mark,” Beckman explained. “If you do, you get certified as a center of excellence, capable of providing security monitoring as a service to anyone within DHS.” Audited organizations that do not meet those minimum standards would be required to go to one of the centers of excellence that did pass for help in improving.

The second part of the optimization process is identifying standardized tools and processes, which is an ongoing effort. “How do we analyze and mitigate risk? How do we do incident response? We need to standardize on processes and tools by which we do that,” Beckman explained.

The third piece is contracting.

“I had eight contracts out there across the department for the eight agencies under DHS, all essentially doing the same thing,” Beckman explained. “It wasn’t an efficient way to consume security services. So, we will be consolidating all of those contracts into one and have one vehicle for SOC services.”

Getting Buy-in on Optimization

For Beckman, getting buy-in from DHS's component organizations was an important lesson learned. “DHS is a unique organization. We have a lot of heavy players and it's sometimes hard to get us marching to the beat of one drum,” he explained.

Beckman got buy-in through the optimization process by breaking out each of the three aspects of optimization into integrated product teams and assigning aspects of the process to the component agencies.

“I've got Customs and Border Protection running the tools and processes piece, I've got Immigration and Customs Enforcement running the maturity standards piece and I've got Secret Service running the contracts piece,” Beckman explained.

By giving the component agencies a vested interest in having them drive home their component, “they are able to develop it from the ground up and bring that to the enterprise level. So far that has been an extremely effective strategy for how we get that SOC optimization project up,” he said.

Getting to Monetization Through Automation

Beyond SOC optimization, Beckman said DHS is in the process of “completely overhauling and modernizing our infrastructure” with an eye toward “network monetization.” He noted that the EIS contract under GSA requires leveraging integrators to find the means to address that monetization.

Among the new technology Beckman expects to emerge from the EIS contract is a new focus on automation and orchestration. “I think that is going to be a game changer with respect to how we do incident response,” he said.

A year ago, based on SOC analysts’ reports, one-third of analyst time was consumed by responding to privacy spills, he explained. But “advanced persistent threat is what keeps me up at night – the bad guys getting into our networks and actually doing potential harm to our systems and potentially critical infrastructure.”

Mitigating a privacy spill is a repetitive task that lends itself to automation. “With automation orchestration, I can regain control over my analysts' extremely valuable time. One-third of their time is given back to me.”

“That's exactly what I'm after,” Beckman said.